Welcome back... your tracking ID is: None

This is a small proof-of-concept for a revived variant of EverCookie based on HTTP 301 redirect cache poisoning - blog post.

Interesting takeaways:

Steps to reproduce (e.g. Chrome):

  1. Enter this website - you will get your tracking ID cookie
  2. Remove the 'cookieTracker' cookie or all site related data - in e.g. Chrome DevTools (Application->Storage->"Clear Site Data")
  3. Refresh this website - you will see the previously issued tracking ID

How this POC works:
  1. User visits e.g. https://evercookie.0x41.link/301/.
  2. Gets redirected via JS to https://tracker.0x41.link/track/ if cookie is missing.
  3. '/track/' is a 301 HTTP redirect to 'https://evercookie.0x41.link/301/redirect/UNIQUE_ID' which gets cached by browser.
  4. '/redirect/UNIQUE_ID' sets a cookie with the UNIQUE_ID
  5. When the user visits https://tracker.0x41.link/track/ again with cleared cookies, the cached 301 redirect (/track/ to http://evercookie.0x41.link/301/redirect/UNIQUE_ID/) is used, which allows user identification and respawning of the previous 'cookieTracker' cookie.

How to mitigate this:

This depends on which browser you are using, but clearing the entire cache for ALL domains should do it. You have to remove everything, since it's difficult to identify the exact tracking domain (on top of that, in some browsers it won't even be displayed).
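
A way to audit an endpoint for the behaviour in step 3, as an added example that is not part of the original PoC: two clean clients (no cookies, empty cache) request the same URL, and a cacheable permanent redirect whose Location differs between them is carrying a per-client value. The response records, the ID values and the lowercase header keys are constructed assumptions.

```python
from itertools import zip_longest
from urllib.parse import urlsplit

PERMANENT = {301, 308}  # redirects a browser may cache with no explicit lifetime


def is_cacheable(headers):
    """True unless Cache-Control stops the redirect being reused silently."""
    value = headers.get("cache-control", "").lower().replace(" ", "")
    directives = set(value.split(",")) if value else set()
    return not directives & {"no-store", "no-cache", "max-age=0"}


def varying_parts(loc_a, loc_b):
    """Path segments and query strings that differ between two Location URLs."""
    a, b = urlsplit(loc_a), urlsplit(loc_b)
    pairs = zip_longest(a.path.split("/"), b.path.split("/"), fillvalue="")
    diff = [(x, y) for x, y in pairs if x != y]
    if a.query != b.query:
        diff.append((a.query, b.query))
    return diff


def audit(resp_a, resp_b):
    """Compare the answers given to two clean clients for the same URL."""
    for r in (resp_a, resp_b):
        if r["status"] not in PERMANENT or not is_cacheable(r["headers"]):
            return None  # not stored by the browser, so nothing survives a cookie wipe
    diff = varying_parts(resp_a["headers"]["location"], resp_b["headers"]["location"])
    return {"per_client_values": diff} if diff else None


# Constructed responses for /track/ as two clean clients would receive them.
CLIENT_A = {"status": 301, "headers": {
    "location": "https://evercookie.0x41.link/301/redirect/a1b2c3d4"}}
CLIENT_B = {"status": 301, "headers": {
    "location": "https://evercookie.0x41.link/301/redirect/9f8e7d6c"}}
# Same kind of redirect marked no-store: the browser asks the server every time.
CLIENT_C = {"status": 301, "headers": {
    "location": "https://evercookie.0x41.link/301/redirect/55aa55aa",
    "cache-control": "no-store"}}

if __name__ == "__main__":
    print(audit(CLIENT_A, CLIENT_B))  # flagged: the last path segment varies
    print(audit(CLIENT_A, CLIENT_C))  # None: one side is not cacheable
```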

All major browsers are affected (04/04/2021)

Author:

Piotr Duszyński (@drk1wi) http://duszynski.eu